DETAILED ACTION

1. This action is responsive to communication: original application filed
27 October 2000 with a foreign priority date of 29 October 1999. 

2. Claims 1-19 are currently pending in this application. Claims 1 and 10 are independent 
claims. Claims 8, 9, 17, 18, and 19 are amended as shown in preliminary amendment. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

4. Claims 1, 2, 4, 8, 10, 11, 13, and 19 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Nagai et al. U.S. Patent No. 6,490,687 (hereinafter '687) in further view of Yu 
et al., U.S. Patent No. 6,067,621 (hereinafter '621). 

As to independent claim 1, "A method of reliably identifying a user in a computer 
system, in which method a mobile station is used for communicating with the computer
system and a personal identification number is supplied into the mobile station, the method
comprising the steps of:" is taught in '687 col. 3, lines 47-50 "A PC-card pager PG, is a
PCMCIA card having encryption function and pager function. The PC-card pager PCM has an
interface 201 which is designed to be connected to the PC card slot of a mobile terminal MTJ
(here notebook computer)"; 




Application/Control Number: 09/698,774 Page 3 

Art Unit: 2134 

"generating a first one-time password in the mobile station without any action by the 
user by utilizing a known algorithm on the basis of a personal identification number of the 
user, subscriber-specific identifier read from a subscriber-specific identification module of 
the mobile station, device-specific identifier of the mobile station ... encoding the first
one-time password and the subscriber-specific identifier of the user at the mobile station" is
shown by '687 col. 3, lines 45-59 "A PC-card pager PG, is a PCMCIA card having encryption 
function and pager function. The PC-card pager PCj has an interface 201 which is designed to 
be connected to the PC card slot of a mobile terminal MTj . . . one-time password . . . pager ID"; 

"transmitting the encoded password and subscriber-specific identifier 
to an authentication server of the computer system" is taught in '687 col. 5, lines 49-53 
"The encrypted authentication information is sent back to the mobile terminal MTJ and is then
transmitted to the stationary switched network (step S312) and further to the host computer 13";

"identifying the user at the authentication server on the basis of the subscriber- 
specific identifier, and searching a database for the personal identifier number of the user 
and the device-specific identifier of the mobile station associated with the user" is shown in 
'687 col. 5, lines 54-67 "the processor 102 compares the decrypted authentication information
with the registered authentication information stored in the memory"; 

"generating a second one-time password at the authentication server by utilizing the 
predetermined algorithm on the basis of the personal identification number of the user, 
subscriber-specific identifier, device-specific identifier of the mobile station" is disclosed in 
'687 col. 6, lines 29-41 "the processor 102 of the host computer 13 reads the pager ID and the 
one-time password of the authorized user name from the memory 103. Then the processor 102 
calculates a Hash value H from the one-time-password using erator 105 according to the Hash
value H and then obtains"; 

"comparing the first password and the second password with each other at the 
authentication server, and if the passwords match" is taught in '687 col. 6, lines 49-50 "The 
decrypted authentication information is matched with the registered one"; 

"enabling the telecommunication connection between the mobile station of the user 
and the computer system" is shown in '687 col. 7, lines 4-19 "and permits the user to log in to 
the host computer 13"; 

the following is not taught in '687 "and time" however '621 teaches "When the terminal and the 
server further comprise each counter for synchronizing the terminal with the one-time password 
is determined" in col. 5 lines 14-17. 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to modify the authentication system using mobile stations taught in '687 to include a means to 
synchronize the timing of the authentication server with the mobile station. One of ordinary skill 
in the art would have been motivated to perform such a modification because in a user 
authentication system where a real time clock (RTC) challenge response is used the timing must 
be the same between the user and authentication server see '621 (see col. 2, lines 49 et seq.) "In 
the user authentication method in which the RTC is used, the terminal owned by the user must be 
synchronized in time with the server of the service provider in order to generate the one-time 
password and authenticate the user". 

As to dependent claim 2, "wherein the mobile station synchronizes the timing of the
mobile station with the timing of the authentication server before the identification
procedure is started" is taught in '621 col. 8, lines 10-17 "The password verifier 147 checks
whether the received password is identical to the generated password, and verifies the one-time 
password. The counter memory 145 stores a counter value for synchronizing the terminal 120 
with the server 140". 

As to dependent claim 4, "wherein the authentication server transmits no 
information to the mobile station if the first and the second passwords do not match" is 
disclosed in '687 col 6, lines 1-2 "If the decrypted authentication information does not match the 
registered one, the login is rejected". 

As to dependent claim 8 "wherein information necessary for encryption is stored in 
the terminal in more than one subscriber-specific identification module" is taught in '687
col. 3, lines 1-3 "Further, the respective authorized users have PC-card pager PGi-PGn and 
mobile or portable terminals MTi-MTn such as notebook computers". 

As to independent claim 10, "An arrangement for reliably identifying a user in a 
computer system, which arrangement comprises a mobile station used for communicating 
with the computer system, the mobile station comprising a subscriber-specific 
identification module comprising a subscriber-specific identifier, a device-specific identifier 
permanently encoded in the mobile station, means for reading a personal identifier number 
which is supplied by the user and which enables the device to be used" is disclosed in '687 
col. 3, lines 1-14 "In other words, by connecting the PC-card pager of the authorized user to the 
mobile terminal, the user can also log in to the host computer 13 outside the office building 10"; 

"means for checking the correctness of the identifier number always before the 
device is put to use which arrangement comprises an authentication server comprising 
memory means for storing the user names of the users in the system and the corresponding
personal identifiers and device-specific identifiers" is taught in '687 col. 3, lines 31-35 "The 
host computer 1 further includes a memory 103 for storing authorized user name information, an 
encryption table 104, and a random number generated (RNG) 105"; 

"the mobile station further comprising means for generating a first one-time 
password without any action by the user by utilizing a known algorithm on the basis of the 
personal identification number of the user, subscriber-specific identifier read from a 
subscriber-specific identification module of the mobile station, device-specific identifier of 
the mobile station ... means for encoding the first one-time password and the subscriber- 
specific identifier of the user" is shown by '687 col. 3, lines 45-59 "A PC-card pager PG, is a 
PCMCIA card having encryption function and pager function. The PC-card pager PCj has an 
interface 201 which is designed to be connected to the PC card slot of a mobile terminal MTj . . . 
one-time password . . . pager ID"; 

"means for transmitting the encoded password and subscriber-specific identifier to 
an authentication server of the computer system" is taught in '687 col. 5, lines 49-53 "The 
encrypted authentication information is sent back to the mobile terminal MTJ and is then
transmitted to the stationary switched network (step S312) and further to the host computer 13";

"the authentication server is further arranged to identify the user on the basis of the 
subscriber-specific identifier, and search a database for the personal identifier number of 
the user and the device-specific identifier of the mobile station associated with the user" is 
shown in '687 col. 5, lines 54-67 "the processor 102 compares the decrypted authentication 
information with the registered authentication information stored in the memory"; 

"generate a second one-time password at the authentication server by utilizing the
predetermined algorithm on the basis of the personal identification number of the user, 
subscriber-specific identifier, device-specific identifier of the mobile station" is disclosed in 
'687 col 6, lines 29-41 "the processor 102 of the host computer 13 reads the pager ID and the 
one-time password of the authorized user name from the memory 103. Then the processor 102 
calculates a Hash value H from the one-time-password using erator 105 according to the Hash 
value H and then obtains"; 

"compare the first password and the second password with each other at the 
authentication server, and if the passwords match" is taught in '687 col. 6, lines 49-50 "The 
decrypted authentication information is matched with the registered one"; 

"enable the telecommunication connection between the mobile station of the user 
and the computer system" is shown in '687 col. 7, lines 4-19 "and permits the user to log in to 
the host computer 13" 

the following is not taught in '687 "and time" however '621 teaches "When the terminal and 
the server further comprise each counter for synchronizing the terminal with the one-time 
password is determined" in col. 5 lines 14-17.

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to modify the authentication system using mobile stations taught in '687 to include a means to
synchronize the timing of the authentication server with the mobile station. One of ordinary skill 
in the art would have been motivated to perform such a modification because in a user 
authentication system where a real time clock (RTC) challenge response is used the timing must 
be the same between the user and authentication server see '621 (see col. 2, lines 49 et seq.) "In 
the user authentication method in which the RTC is used, terminal owned by the user must be 
synchronized in time with the server of the service provider in order to generate the one-time 
password and authenticate the user". 

As to dependent claims 11, 13, and 19, these claims incorporate substantially similar subject
matter as cited in claims 2, 4, and 8 above and are rejected along the same rationale.

5. Claims 3 and 12 are rejected under 35 U.S.C. 103(a) as being unpatentable over '687 in 
further view of '621 in further view of Dynarski et al. U.S. Patent No. 6,466,571 issued 15 
October 2002 (hereinafter '571). 

As to dependent claim 3, the following is not taught in the combination of teachings of 
'687 and '621 "wherein the user is identified automatically when the user starts an 
application utilizing the computer system in the mobile station" however '571 teaches "The 
home agent uses the identification information to locate, page and automatically connect the 
device via the network access server" in col. 3, lines 4-31. 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to modify the authentication system using mobile stations with a synchronizing means taught in 
the combination of '687 and '621 to include a means to allow the user to be identified 
automatically. One of ordinary skill in the art would have been motivated to perform such a 
modification because automatically connecting to a network allows more user flexibility see '571 
(see col. 2, lines 18 et seq.) "The present invention attempts to overcome these problems and 
provide a simple, efficient and automatic way of finding a mobile user". 

As to dependent claim 12, this claim incorporates substantially similar subject matter as
cited in claim 3 above and is rejected along the same rationale.

6. Claims 5-7, 9 and 14-18 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
'687 in further view of '621 in further view of Dynarski et al. U.S. Patent No. 6,628,671 issued 
30 September 2003 (hereinafter '671). 

As to dependent claim 5, the following is not taught in the combination of teachings of 
'687 and '621 "wherein during the identification, the terminal transmits to the 
authentication server a message comprising at least a field comprising a SRES value, a field 
comprising time, a field comprising an international telephone number of the terminal, and 
a field comprising a device number of the terminal" however '671 teaches "The Call Control 
Task 1 14 maintains a list of dynamic call database (DCD) records ... Each record contains a 
collection of information on a per call basis, such as access information into frame relay task for
communications with the CBSC and with the MARC card; session Ids; the Mobile IMSI/MIN, 
and ESN numbers for the mobile device; the CBSC Number; a CBSC identifier for the last active 
packet data session" in col. 12, line 60 through col. 13 line 17. 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to modify the authentication system using mobile stations with a synchronizing means taught in 
the combination of '687 and '621 to include a means to recognize mobile stations based on their 
PPP. One of ordinary skill in the art would have been motivated to perform such a modification 
because losing coverage in wireless connection is a common occurrence see '671 (see col. 2, 
lines 14 et seq.) "The known prior art has failed to recognize that if a PPP session for a user goes 
dormant and the user then connects of different IWU (or to a different port in the same IWU), 
that the PPP negotiated parameter and the state for a call which is currently going dormant can
be used to make the new PPP connection". 

As to dependent claims 6 and 7 "wherein during the identification, a PPP/CHAP
protocol is used in connection with a RADIUS protocol, and the terminal transmits to the
authentication server a message comprising at least a field comprising a SRES value, a field
comprising a user name to the system, and a field comprising a password generated from a
device identifier, subscriber-specific identifier of the user, personal identification number
of the user, time and the SRES value" and "wherein during the identification, a PPP/PAP
protocol is used in connection with the RADIUS protocol, and the terminal transmits to the
authentication server a message comprising at least a field comprising a password
generated from the device identifier, subscriber-specific identifier of the user, personal
identification number of the user, time, and SRES value, a field comprising a SRES value, 
and a field comprising a user number to the system" is taught in '671 col. 3 lines 55-62 "The 
authorization server, for example a RADIUS authentication, authorization and accounting server, 
responsively issues an access-accept message to the network access server". 

As to dependent claim 9 "wherein the user name to the system is the user's 
MSISDN" is shown in '671 col. 3, lines 48-52 "uniquely identifying the device (such as an 
International Mobile System Identification number (IMSI)". 

As to dependent claim 18, "wherein the mobile station is a GPRS system mobile 
station" is disclosed in '671 col. 3, lines 41-47 "In one possible example, the first PPP session
. . . a second radio tower in the wireless communication network".

As to dependent claims 14, 15, 16 and 17, these claims incorporate substantially similar
subject matter as cited in claims 5, 6, 7, and 9 above and are rejected along the same
rationale.

Conclusion

7. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Ellen C Tran whose telephone number is
(703) 305-8917. The examiner can normally be reached on 6:30 am to 3:30 pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory A Morse can be reached on (703) 308-4789. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (703) 306-5484. 



Ellen Tran 
Patent Examiner 
Technology Center 2134 
16 March 2004 